AMENDMENTS TO CLAIMS 



1 1. (currently amended): A method for updating a protected partition within a 

2 hard drive of a computing system, wherein said method comprises: 

3 starting execution of an initialization program in a processor within said 

4 computing system in response to turning on electrical power within said 

5 computing system; 

6 determining whether an update partition file is stored in non-volatile 

7 storage within said computing system for subsequently updating said protected 

8 partition; 

9 after determining that said update partition file is stored within said 

10 computing system for updating said protected partition, writing a portion of said 

11 update partition file to said protected partition comparing information stored in 

12 said protected partition with information within said update partition file; 

13 when a matching portion of said information stored in said protected 

14 partition is found to be similar to a portion of said information stored within said 

15 update partition file, overwriting said matching portion with said portion of said 

16 information stored in said protected partition if space around said matching 

17 portion is sufficient : 

18 when a matching portion of said information stored in said protected 

19 partition is not found to be similar to a portion of said information stored within 

20 said update partition file, writing said portion of said information stored within 

21 said update partition file to appended to said information stored in said protected 

22 partition if space within said protected partition is sufficient : and 

23 locking said protected partition to prevent further modification of 

24 information stored within said protected partition. 

1 2. (currently amended): The method of claim 1, wherein 

2 a flag bit is set in non-volatile storage within said computing system when 

3 said update partition file is stored at a predetermined location in non-volatile 

4 storage within said computing system, and 

5 determining whether said update partition is stored within said computing 

6 system for updating said protected partition is performed by determining 

7 whether said flag bit is set. 

1 3. (original): The method of claim 1, wherein 

2 said method additionally comprises, after determining that said update 

3 partition file is stored within said computing system for updating said protected 

4 partition, verifying whether said update partition file has been generated by a 

5 trusted server system, and 

6 said portion of said update partition is written to said protected partition 

7 only following verification that said update partition file has been generated by 

8 a trusted server system. 

1 4. (original): The method of claim 3, wherein verification that said update 

2 partition file has been generated by said trusted server system includes: 

3 forming a first message digest by applying a hash algorithm to a portion 

4 of said update partition file; 

5 forming a second message digest by decrypting a digital signature within 

6 said update partition file using a public key of said trusted server system; and; 

7 determining that said first and second message digests are identical. 

1 5. (original): The method of claim 3, wherein 

2 a setup password is stored in non-volatile storage within said computing 

3 system, 

4 verifying that said update partition file has been generated by said trusted 

5 server system includes signing an encrypted portion of said update partition file 

6 with a public key of said trusted server system, and 

7 said encrypted portion of said update partition file has been prepared by 

8 signing, with a private key of said trusted server system, a result of the 

9 application of an algorithm to data including a version of said setup password 
10 accessed by said trusted server system. 

1 6. (original): The method of claim 5, wherein 

2 said data includes said version of said setup password appended to a 

3 portion of said update partition file, 

4 said algorithm is a hash algorithm generating a message digest, and 

5 verifying that said update partition file has been generated by said 

6 trusted server system includes applying said hash algorithm to said setup 

7 password stored within said computing system appended to a portion of said 

8 update partition file to generate a first version of a message digest and 

9 comparing said first version of said message digest with a second version of 

10 said message digest obtained by signing said encrypted portion of said update 

11 partition file. 

1 7. (currently amended): The method of claim 1, wherein 

2 said update partition file includes a plurality of entries and a plurality of 

3 encrypted elements, 

4 each entry within said plurality of entries includes information to be stored 

5 at a different location within said protected file partition. 

6 each encrypted element within said plurality of encrypted elements is 

7 associated with an entry in said plurality of entries. 

8 said method additionally comprises, following determining that said 

9 update partition file is stored within said computing system for updating said 

10 protected partition, verifying whether each entry in said plurality of entries within 

11 said update partition file has been generated by a trusted server system, and 

12 each entry in said plurality of entries within said update partition is written 

13 to said protected partition only following verification that said entry has been 

14 generated by a trusted server system. 

1 8. (original): The method of claim 7, wherein verifying that said entry has been 

2 generated by said trusted server system includes: 

3 forming a first message digest by applying a hash algorithm to said entry; 

4 forming a second message digest by signing said encrypted element 

5 associated with said entry using a public key of said trusted server system; and; 

6 determining that said first and second message digests are identical. 

1 9. (original): The method of claim 7, wherein 

2 a setup password is stored in non-volatile storage within said computing 

3 system, 

4 verifying that said entry has been generated by said trusted server 

5 system includes signing said encrypted element associated with said entry 

6 with a public key of said trusted server system, and said encrypted element of 

7 said update partition file has been prepared by signing, with said private key of 

8 said trusted server system, a result of the application of an algorithm to data 

9 including a version of said setup password accessed by said trusted server 
10 system. 

1 10. (original): The method of claim 9, wherein 

2 said data includes said version of said setup password appended to a 

3 said entry, 

4 said algorithm is a hash algorithm generating a message digest, and 

5 verifying that said entry has been generated by said trusted server 

6 system includes applying said hash algorithm to said setup password stored 

7 within said computing system appended said entry to generate a first version of 

8 a message digest and comparing said first version of said message digest with 

9 a second version of said message digest obtained by signing said encrypted 
10 element. 

1 11. (original): The method of claim 7, wherein 

2 information stored in said protected partition is compared to each entry in 

3 said plurality of entries within said update partition, 

4 when a matching portion of said information stored in said protected 

5 partition is found to be similar to said entry, said matching portion is overwritten 

6 with said entry if space around said matching portion is sufficient, and 

7 when a matching portion of said information stored in said protected 

8 partition is not found to be similar to said entry, said entry is appended to said 

9 information stored in said protected partition if space within said protected 

10 partition is sufficient. 

1 12. (original): The method of claim 1, wherein 

2 said method additionally comprises receiving an input signal from a 

3 keyboard of said computing system and comparing said input signal with a 

4 signal corresponding to a setup password stored in non-volatile storage within 

5 said computing system, and 

6 said protected partition is left unlocked if said input signal matches said 

7 signal corresponding to said setup password. 

1 13. (currently amended): A method for updating a protected partition within a 

2 hard drive of a client computing system, wherein said method comprises: 

3 generating an update partition file within a server; 

4 transferring said update partition file from said server to said client 

5 computing system; 

6 storing said update partition file in non-volatile storage within said client 

7 computing system; 

8 starting execution of an initialization program in a processor within said 

9 client computing system in response to turning on electrical power within said 

10 client computing system; 

11 determining that said update partition file is stored in non-volatile storage 

12 within said client computing system; 

13 writing a portion of said update partition file to said protected partition; 

14 comparing information stored in said protected partition with information 

15 within said update partition file: 

16 when a matching portion of said information stored in said protected 

17 partition is found to be similar to a portion of said information stored within said 

18 update partition file, overwriting said matching portion with said portion of said 

19 information stored in said protected partition if space around said matching 

20 portion is sufficient : 

21 when a matching portion of said information stored in said protected 

22 partition is not found to be similar to a portion of said information stored within 

23 said update partition file, writing said portion of said information stored within 

24 said update partition file to appended to said information stored in said protected 

25 partition if space within said protected partition is sufficient: and 

26 locking said protected partition to prevent further modification of 

27 information stored within said protected partition. 

1 14. (original): The method of claim 13, wherein said update partition file is 

2 transferred from said server to said client computing system by means of 

3 electrical signals transmitted through a public switched telephone network. 

1 15. (original): The method of claim 13, wherein said update partition file is 

2 transferred from said server to said client computing system by means of 

3 electrical signals transmitted over a local area network. 

1 16. (original): The method of claim 13, wherein transferring said update 

2 partition file from said server to said client computing system includes: 

3 writing said update partition file to a removable computer readable 

4 medium from said server; 

5 transporting said removable computer readable medium from said server 

6 to said client computing system; and 

7 reading said update partition file from said removable computer readable 

8 medium into said client computing system. 

1 17. (currently amended): The method of claim 13, wherein 

2 a flag bit is set in non-volatile storage within said client computing system 

3 when said update partition file is stored at a predetermined location in 

4 non-volatile storage within said client computing system, and 

5 determining that said update partition file is stored in non-volatile storage 

6 within said client computing system includes determining that said flag bit is set. 

1 18. (original): The method of claim 13, wherein 

2 said method additionally comprises, following a determination that said 

3 update partition file is stored within said client computing system for updating 

4 said protected partition, verifying within said client computer system that said 

5 update partition file has been generated by said server, and 

6 said portion of said update partition is written to said protected partition 

7 only following verification that said update partition file has been generated by 

8 said server. 

1 19. (original): The method of claim 18, wherein: 

2 generating said update partition file within said server includes forming a 

3 first message digest by applying a hash algorithm to a portion of said update 

4 partition file, signing said first message digest with a private key of said server to 

5 form a digital signature, and appending said digital signature to data within said 

6 update partition file; and 

7 verifying within said client computing system that said update partition file 

8 has been generated by said server includes forming a second message digest 

9 by applying a hash algorithm to a portion of said update partition file, forming a 

10 third message digest by signing said digital signature within said update partition 

11 file using a public key of said server, and determining that said second and third 

12 message digests are identical. 

1 20. (original): The method of claim 18, wherein: 

2 a setup password is stored in non-volatile storage within said client 

3 computing system; 

4 a copy of said setup password is stored in a database accessible to said 

5 server; 

6 generating said update partition file within said server includes forming 

7 an encrypted portion of said update partition file by signing a result of the 

8 application of an algorithm to data including said copy of said setup password; 

9 and 

10 verifying within said client computing system that said update partition file 

11 has been generated by said server includes signing said encrypted portion of 

12 said update partition file with a public key of said server. 

1 21. (original): The method of claim 20, wherein 

2 said data includes said version of said setup password appended to a 

3 portion of said update partition file, said algorithm is a hash algorithm 

4 generating a message digest, and 

5 verifying within said client computing system that said update partition 

6 file has been generated by said trusted server includes applying said hash 

7 algorithm to said setup password stored within said client computing system 

8 appended to a portion of said update partition file to generate a first version of 

9 a message digest and comparing said first version of said message digest with 

10 a second version of said message digest obtained by signing said encrypted 

11 portion of said update partition file with said public key of said server. 

1 22. (currently amended): The method of claim 13, wherein 

2 said update partition file includes a plurality of entries and a plurality of 

3 encrypted elements, 

4 each entry within said plurality of entries includes information to be stored 

5 at a different location within said protected file partition, 

6 each encrypted element within said plurality of encrypted elements is 

7 associated with an entry in said plurality of entries. 

8 said method additionally comprises, following a determination that said 

9 update partition file is stored within said client computing system for updating 

10 said protected partition, verifying within said client computing system whether 

11 each entry in said plurality of entries within said update partition file has been 

12 generated by a server, and 

13 each entry in said plurality of entries within said update partition is written 

14 to said protected partition only following verification that said entry has been 

15 generated by said server. 

1 23. (original): The method of claim 22, wherein 

2 each said encrypted element is formed in said server by applying a hash 

3 algorithm to said entry, forming a first message digest, and by signing said first 

4 message digest with a private key of said server; and 

5 verification that said entry has been generated by said server includes 

6 forming a second message digest by applying a hash algorithm to said entry, 

7 forming a third message digest by signing said encrypted element associated 

8 with said entry using a public key of said server, and determining that said 

9 second and third message digests are identical. 

1 24. (original): The method of claim 22, wherein 

2 a setup password is stored in non-volatile storage within said client 

3 computing system; 

4 a copy of said setup password is stored in a database accessed by said 

5 server; 

6 said encrypted element of said update partition file is prepared in said 

7 server by signing, with a private key of said server, a result of the application of 

8 an algorithm to data including said copy of said setup password; and 

9 verification within said client computing system that said entry has been 

10 generated by said server includes signing said encrypted element associated 

11 with said entry with said public key of said server, 

1 25. (original): The method of claim 24, wherein 

2 said data includes said version of said setup password appended to a 

3 said entry, 

4 said algorithm is a hash algorithm generating a message digest, and 

5 said verification that said entry has been generated by said server 

6 includes applying said hash algorithm to said setup password stored within said 

7 client computing system appended to said entry to generate a first version of a 

8 message digest and comparing said first version of said message digest with a 

9 second version of said message digest obtained by signing said encrypted 
10 element. 

1 26. (currently amended): A computer system comprising: 

2 a processor executing an initialization program in response to power 

3 being turned on in said computer program; 

4 a hard drive having a protected partition blocked during execution of an 

5 initialization program to prevent changing information stored within said 

6 protected partition; 

7 non-volatile storage storing an update partition data structure for 

8 modifying contents of said protected partition and said initialization program, 

9 wherein said initialization program executing within said processor 

10 determines that said update partition data structure is stored in 

11 said non-volatile storage, writes a portion of said update partition data 

12 structure to said protected partition, 

13 compares information stored in said protected partition with 

14 information within said update partition file. 

15 overwrites said matching portion with said portion of said information 

16 stored in said protected partition if space around said matching portion is 

17 sufficient when a matching portion of said information stored in said 

18 protected partition is found to be similar to a portion of said information 

19 stored within said update partition file. 

20 writes said portion of said information stored within said update 

21 partition file to appended to said information stored in said protected 

22 partition if space within said protected partition is sufficient when a 

23 matching portion of said information stored in said protected partition is 

24 not found to be similar to a portion of said information stored within said 

25 update partition file, and 

26 locks said protected partition to prevent further modification of 

27 information stored within said protected partition. 

1 27. (currently amended): The computer system of claim 26, wherein 

2 a flag bit is set in non-volatile storage within said computing system when 

3 said update partition data structure is stored at a predetermined location in 

4 non-volatile storage within said computing system, and 

5 said initialization program determines said update partition is stored 

6 within said computing system for updating said protected partition is performed 

7 by determining that said flag bit is set. 

1 28. (original): The computer system of claim 26, wherein 

2 after determining that said update partition data structure is stored within 

3 said computing system for updating said protected partition, said initialization 

4 program verifies whether said update partition data structure has been 

5 generated by a trusted server system, and 

6 said portion of said update partition is written to said protected partition 

7 only following verification that said update partition data structure has been 

8 generated by a trusted server system. 

1 29. (currently amended): The computer system of claim 28, wherein 

2 said update partition data structure includes a plurality of entries and a 

3 plurality of encrypted elements, 

4 each entry within said plurality of entries includes information to be stored 

5 at a different location within said protected file partition. 

6 each encrypted element within said plurality of encrypted elements is 

7 associated with an entry in said plurality of entries, and 

8 said initialization program uses each said encrypted element to 

9 determine that an entry associated with said encrypted element has been 
10 generated by said trusted server system. 

1 30. (original): The computer system of claim 29, wherein 

2 said non-volatile storage additionally stores a setup password, and 

3 each said encrypted element includes a digital signature signed by said 

4 trusted server system, wherein said digital signature is formed by applying a 

5 hash algorithm to an entry associated with said encrypted element to form a 

6 message digest and by signing said message digest with a private key of said 

7 trusted server system. 

1 31. (currently amended): A computer-readable medium, having stored thereon 

2 a data structure comprising a plurality of entries and a plurality of encrypted 

3 elements, wherein 

4 each entry within said plurality of entries includes information to be stored 

5 at a different location within said protected file partition. 

6 each encrypted element within said plurality of encrypted elements is 

7 associated with an entry in said plurality of entries, and 

8 each said encrypted element includes a digital signature signed by a 

9 trusted server system, wherein said digital signature is formed by applying a 

10 hash algorithm to an entry associated with said encrypted element, appended 

11 with a setup password of said computer system to form a message digest and 

12 by signing said message digest with a private key of said trusted server 

13 system. 

1 32. (currently amended): A system for updating a protected partition within a 

2 hard drive of a remote computing system, wherein said system comprises: 

3 a server including a database storing a setup password of said remote 

4 computer system and a public key of said remote computer system, and storage 

5 having stored thereon a data structure comprising a plurality of entries and a 

6 plurality of encrypted elements, wherein each entry within said plurality of 

7 entries includes information to be stored at a different location within said 

8 protected file partition, wherein each encrypted element within said 

9 plurality of encrypted elements is associated with an entry in said plurality of 

10 entries, and each said encrypted element includes a digital signature signed by 

11 said server, wherein said digital signature is formed by applying a hash 

12 algorithm to an entry associated with said encrypted element to form a message 

13 digest and by signing said message digest with a private key of said server; 

14 means for transferring said data structure from said server to said remote 

15 computing system; 

16 a processor within said remote computer system; 

17 non-volatile storage within said remote computer system storing an 

18 initialization program for execution within said processor in response to power 

19 being turned on within said remote computer system, wherein said initialization 

20 program executing within said processor determines that said update partition 

21 data structure is stored in said non-volatile storage, determines that each entry 

22 has been generated by said server, writes a portion of said entries to said 

23 protected partition, and locks said protected partition to prevent further 

24 modification of information stored within said protected partition. 

1 33. (new): The method of claim 20, wherein a copy of said setup password is 

2 stored for access by said server while setting a configuration of said client 

3 computing system. 

1 34. (new): The method of claim 24, wherein a copy of said setup password is 

2 stored for access by said server while setting a configuration of said client 

3 computing system. 

1 35. (new): The method of claim 32, wherein a copy of said setup password is 

2 stored for access by said server while setting a configuration of said remote 

3 computing system. 

1 36. (new): The method of claim 32, wherein a copy of said public key of said 

2 remote computer system is stored for access by said server while setting a 

3 configuration of said remote computing system. 